privacy

You are currently browsing the archive for the privacy category.

Exif, or How did you know where I was in that photo?

October 13, 2011 in advice, privacy | Permalink

Recently, my mother sent me one of those news clips about how easy it was to find (read stalk) kids, just from a photo a parent took a smartphone and then posted it on some photo-sharing site. Like all of those news shorts, there was truth and hyperbole wrapped up in this piece she sent.

Smartphone cameras are amazing things; they can store all sorts of information with the pictures you take. Some of that information includes the date and time of the photo, camera settings used when taking the photo, and GPS coordinates (geotagging) of where that picture was taken. When you share that photo, as in emailing it to your friends, or posting it via some of the photo sharing sites, you might also be sharing some of that information. And, then someone can extract that information, specifically the GPS coordinates stored when that picture was taken, and map it. Do that with enough photos and someone with evil intentions could create a map of common daily actions for that child so they could pick up that child. But, plain old street work can easily accomplish the same with much less effort.

And, here is where my favorite to bash for privacy invasion, Facebook, actually does a good job. When you post a photo with Facebook, their posting process actually strips out most of this hidden information (called Exif if you want to look up more about it). Flickr seems to do a similar thing, also.

How do you find out if your photos on the web contain this information? Find the photo, save a copy to your computer and open it with your favorite image editor. Most will have some way to see this stored information. Or, you can right-click on an image and look at properties (in Windows) or use get info (in OSX) to see this Exif data. There are programs to erase or modify this data and then you would repost your photo(s). And, then you will have data about your whereabouts floating around on the Web.

Staying a bit safer and private on the Web

June 20, 2011 in privacy | Permalink

Use temporary credit cards to avoid theft or repeat billing. Most all banks and credit card companies have a way to make a temporary card number, or something like a gift card. Using them will let you avoid a repeat billing you might forget about or risking a high credit limit card if someone gets your card information.

Use a fake birthday for web signups, change your gender, and use disposable email addresses to avoid spam or avoid annoying ads. If you are “male” on a site that is focused on mothering, you are not likely to get breast pump ads. And, having an email address, say from gmail.com, that is only used to sign up at places you otherwise don’t care to hear from, will keep spam corralled to that email address, not your personal or work one.

Use HTTPS whenever possible, create secure, easy-to-remember passwords, and keep your security questions as private as your passwords. On any web login page, make sure you are using SSL or that https:// is at the beginning of the web address. Easy to remember passwords are great but 12345678 isn’t one of them. However frvwtwncrr is easy to remember as it is fairviewtowncrier without the vowels yet rather hard to find in any common list or dictionary of passwords. And, always see if you can make up your own security question or start using your second grade teacher’s name as your mother’s maiden name.

And, some final rules for reigning in software, if you didn’t go looking for it, don’t install it, but, if you install it, always check for updates, and when you no longer need it, remove it.

Tips to Keep Your Gear Safe During Electrical Storms

May 9, 2011 in hardware, privacy | Permalink

Surge protectors are the way to go, either a good one as part of an Uninterruptible Power Supply, or something for fast clamping. Or, to protect everything you can get a whole house surge protector. Anytime your surge protector trips, you should consider replacing it, even though there is a reset button, the electronics won’t work as well for the next surge. Of course, the cheapest surge protector could be unplugging all electronics before the storm. No matter what kind of surge protection you use, you should always have a back up of your computer.

<http://www.geeksugar.com/Gadget-Safety-During-Electrical-Storms-16022695>

Protecting an old hard drive from snooping

This is just plain fun, you have an old hard drive you have taken out of a computer you are donating to someone, and you want to ensure that the data can not fall into nefarious hands. Why not take it apart and harvest some fun powerful magnets, get some fine shiny round reflectors to use in the garden against some kind of pest (not sure about how well that actually works) and know that you have made life harder for the spies.
<http://lifehacker.com/5797029/how-to-dismantle-and-destroy-a-hard-drive>

Create an Apple ID in iTunes Account Without a Credit Card

It may look impossible to create an Apple ID without putting in CC data, but you can do it by trying to install a completely free app while not signed into an account. Then you can find an option for “None” at the end of payment options.
<http://www.labnol.org/software/apple-id-without-credit-card/19299/>

Ease Neck and Shoulder Tension Quickly with Desk Yoga

I know I should do this more. And there are other GAIAM yoga exercises, just look at some of the other suggestions to the right of this YouTube video.
<http://www.youtube.com/watch?v=BBh7NQwlFIA>

How to Brighten Up a Specific Part of a Photo with Virtually Any Image Editor

Using any image editor, not just Photoshop, that has the ability to use layers and lighting adjustments, you can heighten the lighting that dark part of your otherwise wonderful photo.
<http://lifehacker.com/5797565/how-to-brighten-up-a-specific-part-of-a-photo-with-virtually-any-image-editor>

iCal upgrade, Epsilon email breach, Facebook

April 7, 2011 in privacy, software | Permalink

MobileMe iCal upgrade

On May 5, 2011, MobileMe will transition to their new Calendar service. If you sync iCal calendars between devices, like two or more computers, iPods, iPads and such, and you wish to continue accessing your calendar at <me.com>, you will have to upgrade your calendars at <me.com>. Apple says all you have to do is log into <me.com/calendar>, using your MobileMe login and password. It is best to make sure your calendar is up to date, as in you have made sure to manually sync it with the MobileMe prefpane in System Preferences or the MobileMe sync widget up in the menu bar near the clock. Also, do whatever you normally do to back up your calendar data. It would be good to make sure that your other devices that also sync calendars via MobileMe are turned off or at least not syncing.

Finally, back on the <me.com/calendar> web page, click on the Upgrade Now icon in the lower left corner. Wait, and wait, and wait even longer. Don’t close the web browser window if you want any chance of watching the progress. When it is done, double-check your calendar(s) and if all is OK, turn back on syncing on your other devices.

Oh, and Apple wants you all to be using Snow Leopard, 10.6.4 at least. See more info at <http://support.apple.com/kb/HT4037>

Epsilon email list breach

Worthy of an April Fools joke, on April 1st, Epsilon, out of Texas, admitted an “unauthorized entry into Epsilon’s email system” on March 30, and that the “information that was obtained was limited to email addresses and/or customer names only.” What does Epsilon do? They handle email campaigns for many large corporations and they have not said who. However, large banks, like JP Morgan Chase, Citibank, U.S. Bank, Barclays Bank and Capital One, and other corporations like Krogers, Home Shopping Network, the College Board, Best Buy, Home Depot, and. Time to learn about “spear phishing”, when email or other contact makes us of trust we have in an institution contacting us by email, phone or in person, while relying on appearing to be something we trust. Now, we have to pay more attention to scam messages with targeted messages trying to trick us into changing login information via a fake page, giving up other information that might give them access to other online accounts. or get us to buy fake or unneeded services and products. . So, if asked via email for your account number, UserID, PIN or password, don’t reply. Call instead to verify.

Facebook

If you were to see “My Facebook wall has been viewed X times.” coming from a Facebook friend, should you just click on the link to see if you can find out the same information for your Facebook page? Well, the result is likely to be that you end up giving a third party application access to be able to post messages using your Facebook account name. Facebook is a major conduit for spamming and phishing messages, trying to make use of our trust in what appear to be legitimate messages from our friends. However, nothing in the way that email is structured currently can assure you that the sender of a message is really who he/she says. Facebook is not really good at shutting down scammers, so you have to pay more attention. And, while you are at it, you might want to use a different browser for your Facebooking, doing your regular browsing with your normal web browser. If you don’t log out of Facebook and just continue browsing, then all of those websites with a Facebook Like button are letting Facebook know what sites and pages you are looking, even if you don’t click the Like button.

And, by the way, spend a little time learning the Facebook privacy settings at http://www.facebook.com/privacy/explanation.php

Getting offline after death

September 14, 2010 in privacy | Permalink

And, now for something that we don’t think about that much with the internet. planning for what happens to our virtual selves after death, what to do with all of our virtual affairs.

There are at least two parts to this, the first one is to have a list of all the logins and passwords for services you use. This means, email, banks, any and all payment sites, ebay, paypal, google accounts and other accounts, facebook, twitter, and don’t forget to include all of those accounts you have to make just to read or post on certain sites. Once you have this list, go through it and figure out which accounts you don’t care about, the ones that you may not want anyone to know about and strike them off the list. All of the remaining ones you should make a list of in a secure place like a safety deposit box and/or your lawyer who has possession of your will.

Now, comes the second part, you figuring out for all of your social networking accounts, how you want your death announced. If you are active in a group online, you don’t want them left wondering about why you all of a sudden stopped participating. Of course, you don’t have to set up such “memorials” for banks and such, but still have those passwords available.

And, then the fun part, actually getting the accounts terminated. Just as you probably are not even thinking about the need for this topic, many services have also ignored what they might have to do. Twitter and Facebook have actually worked out policies for what they will do with your account, but many others require an amazing amount of paper work, photo ids and account particulars, that you will find it easier to have your executor just login as you and terminate or handle your account in the way you dictate. Having a lawyer, rather than a family member, handle this part may be better as you won’t have to worry about what this person might find in some of your accounts. About the accounts you don’t want anyone to know about ever, you should find out how to clear out all your account information so that it can not be sold out later as online companies consolidate and change their terms of service.

The bottom line is to at least start with a complete list of all your online logins and passwords so that your virtual affairs can also be wound up as you would wish.

Playing it safe on public wifi networks

July 12, 2010 in advice, privacy | Permalink

Public wifi networks are great when they are free, like they now are at Starbucks, but you should practice some basic safety.

Most public wifi networks do not use encryption passwords to get on, it makes it easier for the baristas and cashiers who don’t have to troubleshoot why the password isn’t working on your laptop. However, that also means that what you type into any web browser or send with your email program is going over the air in plain English, easy enough for others to pick up. So, rule one, above all rules, take a second to think about what you are doing, others may be looking over your cyber shoulder.

Turn off file sharing.
Turn on your firewall.
Any website you are at that contains private information, or where you have to type in a password, should be using SSL. That means that the beginning of the web address is https://www.somewhere.com/ , note the “s” at the end of http. Pay attention to how you read your email, for example Gmail uses SSL all the time, not just for the login, which means that reading your emails is still safe from prying eyes.
Use a VPN, something that sounds high tech and would only be of use if you are connecting to another network at work. And, then you may have it already set up. You might want to use that VPN and then from the “work” computer do your web surfing and other email.
Turn off your wifi when you are not using it, if it off nothing can get you, right?

« Older entries